Legal

Privacy Policy

Version 3.2.7, 2021-08-26

Your privacy is important, both for you and for us. We will do our very best to ensure that the data you let us process is handled in a secure way, with your integrity in focus. This privacy policy describes what data we collect, how and why we use it and where you can find out more.

Any capitalized words used but not defined herein, shall have the same meaning ascribed to them in the terms and conditions available at Terms.

Whose data do we collect?

What data we collect depends on how you interact with us and, based on the main ways to interact with us, “you” are most likely:

• a “User”, who has signed up for an Account directly with Mentimeter for a Paid Version or Free Version;
• an “Administrator”, who administers a Team Workspace with Team Members (as defined in the Terms);
• an “Organization Contact Person”, who is Mentimeter’s point of contact at an organization;
• a member of an “Audience”, who anonymously interacts with a Menti on menti.com; or
• a “Visitor” who visits any of our Websites, attends webinars, sends us emails, participates in contests, sweepstakes, surveys or in any other way interacts with us or uses parts of our Services without having signed up with Mentimeter.

What data do we collect?

Depending on who you are, we collect:

• Contacts – such as your name, email address, billing address.
• Interaction Information – meaning information on how you use the Services and your system activities (dates, times, and details of log-on and log-off including information on your history with Mentimeter; technical data such as page response times, download errors, personal preferences; your interactions with the customer service, etc. 
• Device Information – e.g. IP address, user agent, browser settings, operating system and platform, and screen resolution. We may, for example, use an IP address received from your browser or device to determine the approximate location. 
• Call Recordings - correspondence and video recordings used for internal educational purposes
• Third-Party Information - we may use third-party sites and third-party platforms as well as publicly available information to collect and add some information to the information provided by you in order to give you relevant communication (for marketing purposes). Examples of collected information are additional work-related profile information.
• Additional Information - means other information, when and to the extent submitted to our Websites such as additional information you choose to provide when creating or modifying your Account or if you, for example, participate in a focus group, contest, request support, leave reviews, or otherwise communicate with Mentimeter. Examples of such collected information could be a profile photo or your job title and phone number if you decide to provide us with that.
• Cookie Information - Please see our Cookie Policy for more information.

You (unless you are a Team Member in which case your organization as our Customer) are liable for personal data included in information submitted by you to a Menti in your use of the Application (e.g. the documents, text, and pictures submitted electronically), including also personal data provided by Audience in their interaction with your Menti(s). Mentimeter will only store such personal data to the extent provided and as a result of your use of the Application.

Users

Administrators

Organization Contact Person

Audience

Visitors

Payment related data

We use Paypal (Braintree) and Stripe which are both level 1 PCI compliant third-party vendors to process credit card payments and together with Stripe we use PE Accounting for invoicing. We never store or process any payment-related data other than as described herein. We may collect some limited information, such as your email address and transaction history. In addition, when processing your payment Stripe and PayPal provides us with limited information related to you, such as a unique token that enables you to make additional purchases using the information they’ve stored, your type of card, expiry date, and last four digits as well as IP address and VAT number, where applicable. If you choose to pay by invoice, we may need to collect and transfer additional information, like your company name, registration number, and phone number, to Stripe and PE Accounting to enable credit checks and send you invoices. Paypal and Stripe are controller and responsible for the personal data that they themselves collect. The use of your data by Stripe and PE Accounting is subject to their own privacy policies and we have data processing agreements with Paypal, Stripe, and PE Accounting in place.

Contests, webinars, surveys etc.

From time to time, we may offer you the chance to participate in webinars, sweepstakes, contests and surveys which may be governed by the Terms and this Privacy Policy or, if explicitly stated, by a specific separate privacy policy with specific terms. We may ask you to be part of surveys, regarding for example customer satisfaction, and with your consent give us feedback in relation to for example support matters or when we test new stuff for improvement purposes and sometimes this may include processing of personal data of you as the respondent. If you choose to participate, we may ask you for certain personal data in addition to what is stated in this Privacy Policy.

Third-party integrations

We may also cooperate with third parties to, for example, host webinars, provide login functionality or provide a combination of our respective services via plug-ins, APIs or to enable integrations in third party services. In the event you choose to use such third-party functionality, services or integration, that third party may be an independent or joint controller together with us for the collection and processing of your personal data in connection therewith. We will process your personal data in accordance with this Privacy Policy and the relevant third parties terms and conditions and/or policies apply to their services and their processing of your personal data. We recommend that you get to know them before you use any functionality or services provided by a third party. They are responsible for the personal data they collect when providing you with their functionality or services.

Google reCAPTCHA

We use "Google reCAPTCHA" (hereinafter "reCAPTCHA") on our Websites which is a service provided by Google used to check whether the data entered on our Websites (such as contacts) has been entered by a human or by an automated program.  To be able to do this, reCAPTCHA analyzes the behavior of the Website Visitor based on various characteristics and various information such as IP address, how long the Visitor has been on the Website or even mouse movements made. This analysis starts automatically as soon as you enter the Website. The reCAPTCHA analyses take place completely in the background, meaning that you who visit our Websites are not advised that such an analysis is taking place. The data collected during the analysis will be forwarded to Google. This data processing is mainly based on legitimate interest since we have a legitimate interest in protecting our site from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google's privacy policy, please visit the following links: https://policies.google.com/privacy  and https://www.google.com/recaptcha/about/

For how long is my data stored?

You can at any time delete your Surveys and results when you are logged into our Application. If you are a Free User or single account User, you can delete your entire Account through the use of the delete account function also available in a logged-in state. You may also always delete your entire Account on request by email to hello@mentimeter.com.  We will comply with your request promptly and at the latest within 30 days. If you are part of a Team Workspace as a Team Member, contact the Administrator if you wish to deactivate your Account and if you wish to request the removal of your personal data, we will help you, but request our assistance via the Administrator of the Team Workspace.

If you are a member of the Audience and voluntarily submit your email address to receive a presentation or survey, your email address will be deleted after 12 months (unless you are converted into a User).

HTTP requests and IP addresses that originate from an Audience member are logged and stored with a set retention period. We do not actively create any association or store this data for any other purpose than monitoring and security-related activities.

How long we store personal data that we may receive in relation to the third party integrations depends on the type of data and the purpose for which we process it, but will only be retained for the period necessary to fulfill the purposes of the specific integration unless a longer retention period is required or permitted by law.

We store personal data as long as needed for the purpose described in this Privacy Policy but please note that we may store personal data for a longer period of time if needed to fulfill legal requirements.

Other situations when your data may be processed, shared or disclosed

Notifications. If you have subscribed to be notified of changes to our Terms and Policies we will use your email address to communicate with you.

Customer access. If you use an email address to access the Services and that email address was provided by an organization, such as an employer or school, that organization can request information about your Account as well as, if that organization is a Customer, request us to move your Account to that organization’s Team Workspace in which case you will become a Team Member. The organization may then apply its own policies to your use of the Services and control, administer, suspend and delete access to, as well as downgrade your Account. Please see the Terms for more information on what happens when you use an email address provided by an organization to access the Services. If you would like to be sure to avoid this type of disclosure you should register an Account with your own private email address.

During a change to Mentimeter’s business. If Mentimeter engages in, for example, a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Mentimeter’s assets or stock, financing or similar transactions or proceedings, or steps in contemplation of such activities (e.g. due diligence), some or all your personal data may be shared or transferred, subject to standard confidentiality arrangements.

Aggregated or de-identified data. We may disclose or use aggregated or de-identified data for any type of business-related purpose such as with prospects, partners for business or research purposes.

To enforce our rights, prevent fraud, and for safety. We reserve the right to disclose all kinds of data to protect and defend the rights, property or safety of Mentimeter or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.

To comply with laws. If we receive a request for information, we may disclose all kinds of data, if this is required by mandatory applicable laws, governmental regulations or rules or by any order of court of competent jurisdiction, arbitral tribunal or governmental authority.

With consent. We may share personal data and other data with third parties when we have consent to do so.

Third-Party Service Providers

We engage third-party companies or individuals as service providers or business partners to process your Account to support our business. These third parties are our processors and may, for example, provide and help us with computing and storage services. Please see our entire list of processors. From time to time, we may remove or engage new processors and when we do Mentimeter will ensure via a written contract that the processor may access and use your data only to deliver the services Mentimeter has retained them to provide and is prohibited from using such data for any other purpose. Mentimeter will ensure that processors are bound by written agreements that require them to provide at least the level of data protection required of Mentimeter.

Where is my data transferred and stored?

We may transfer your personal data to countries other than the one in which you live. Most transfers are made to processors within the US, under the provisions of the Standard Contractual Clauses as adopted by the European Commission or any other appropriate safeguard such as the Binding Corporate Rules  in order to ensure and provide for an adequate level of protection in relation to data privacy. For more information please see:

• https://www.imy.se/en/verksamhet/data-protection/this-applies-accordning-to-gdpr/transfer-of-data-to-a-third-country/

Mentimeter uses processors to deliver the best Services possible to you, we don’t sell personal data to processors.

Your rights

• Right to be informed. You have the right to be informed about how we process your information. We do this through this Privacy Policy, other information on our website, and by answering questions sent to us.
• Right to access your data. You may request a copy of your data by email to hello@mentimeter.com if you would like to know what personal data we process about you. This copy of your personal data can also be supplied in a machine-readable format.
• Right to rectification. You have the right to correct inaccurate or incomplete information about yourself which you can do either by managing your Account and the content contained in it through your account settings page or, in relation to personal data not manageable by the account settings page, by email to hello@mentimeter.com.
• Right to erasure. You have the right to request deletion of your personal data, for example when it is no longer necessary for us to process the data for the purpose it was collected, or when you have withdrawn your consent, which you request by email to hello@mentimeter.com.  If you are a Free User or single account User, you can always delete your entire Account by the use of the delete account function available in a logged-in state. In the event that you are a Team Member, we suggest that any request regarding personal data is sent to us via the Administrator of the Team Workspace. 
• Right to restrict processing of your data. If you believe your information is incorrect or you believe we use your data unlawfully, you have the right to ask us to stop or limit the processing, which you request by email to hello@mentimeter.com.
• Right to lodge a complaint. You have the right to lodge a complaint with your national supervisory data protection authority, or the Swedish Authority for Privacy Protection -  complaints can be made here.
• Controlling account service settings. You can always access and control the contents of your Account by logging into your Account.

We will get back to you promptly and at the latest within 30 days after receipt of your request, but please note that Mentimeter may be required by law to keep some personal data despite your request.

In cases where we process your personal data based on your consent or explicit consent, you can at any time revoke this consent, which you do by unsubscribing to emails we send you or by contacting us at hello@mentimeter.com (please see our Cookie Policy if you want to revoke consent to cookies). Revoking consent for the purpose of direct marketing via email will not lead to any detriment for you, as we do not require this type of information to provide our Services, but if you revoke your consent in relation to other matters, exercise your right to erasure or restrict our processing of your personal data in any other way, our Services can no longer be provided.

Age Restrictions

The Services are addressed to organizations and individuals being sixteen years of age or older. By registering an Account, you warrant and represent that you have that legal age as further described in the Terms.

Furthermore, our Services are not directed to children under the age of 13 years or to children whose age makes it unlawful to process their personal data or requires parental consent under applicable laws. Accordingly, we do not intend to collect personal data from anyone we know to be under this age limit.  If we learn that we have collected personal data of a child under the age of 13 years we will take reasonable steps to delete such personal data as quickly as possible. If you are the parent or legal guardian of a child under the aforementioned age limit and become aware that the child has provided personal data to us, please contact us by emailing hello@mentimeter.com.

GÉANT Code of Conduct

Mentimeter operates in accordance with the GÉANT code of conduct. More information can be found at GÉANT Data Protection Code of Conduct.

Contact

Mentimeter AB (publ) is a Swedish limited liability company with registration number 556892-5506 and registered address is Tulegatan 11, 113 86, Stockholm, Sweden. You can always reach us at privacy@mentimeter.com.

Changes To This Privacy Policy

This Privacy Policy is not part of the Terms and we may change this Privacy Policy from time to time. Laws, regulations and industry standards evolve, which may make those changes necessary, or we may make changes to our business. We will post the changes to this page and encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, we will provide additional notice through the Services or via email if you have subscribed for notifications in Policies. If you disagree with the changes to this Privacy Policy, you should delete your Account.